- Original Poster
- #1
Got a merchant (not the same one as in the 'advice needed on shopping cart' thread...) who is using a hosted payment page solution but within an iframe on their site.
I'm trying to convince them that this is a bad idea. Even though the hosted payment page is run from a secure server, the customer gets no indication of this as it is only displayed in a iframe - so their browser still shows the sites normal (http) url. No amount of 'this is a secure page, honest guv' type text or images you add can really show to the customer that it is a genuine secure payment page on an approved payment provider.
I know the data within that iframe is secure, and as it's a different domain anything outside the iframe can't read any data etc inside the iframe. My concern is all about the customers' re-assurance that things are indeed secure.
Does anyone know of any reports or similar on this sort of approach that I can show to the merchant to try and convince them that they are better off using the hosted payment page as a full page and not in a frame - as in that way the customer gets to see in their browser that they are indeed on a secure site etc.
I'm trying to convince them that this is a bad idea. Even though the hosted payment page is run from a secure server, the customer gets no indication of this as it is only displayed in a iframe - so their browser still shows the sites normal (http) url. No amount of 'this is a secure page, honest guv' type text or images you add can really show to the customer that it is a genuine secure payment page on an approved payment provider.
I know the data within that iframe is secure, and as it's a different domain anything outside the iframe can't read any data etc inside the iframe. My concern is all about the customers' re-assurance that things are indeed secure.
Does anyone know of any reports or similar on this sort of approach that I can show to the merchant to try and convince them that they are better off using the hosted payment page as a full page and not in a frame - as in that way the customer gets to see in their browser that they are indeed on a secure site etc.
Last edited:
